Protecting sensitive data that is stored in mobile devices or accessed through mobile devices is a fundamental security problem. Users store, access, process and manage high volumes of personal or enterprise data through their mobile devices, and this data must be protected against leakage to unauthorized parties due to partial or full compromise of the device by an attacker. For example, if a device is lost or stolen, or if the device gets infected by some malicious software, or even if a malicious party gets temporary access to the device, the sensitive data stored in the device or accessed through this device should remain protected. In particular, a user's data should maintain its confidentiality and integrity even when an attacker gains possession of the secret state of the device.
Secure data protection in mobile settings entails certain challenges. On one hand, for better security, data should be hardened by the use of cryptographic tools (e.g., encryption for data confidentiality), for which strong keys must be generated, used and managed. However, these keys must themselves be protected, and key protection in mobile settings introduces further challenges. If keys are stored locally, they are prone to leakage through a compromise of the secret state of the device (e.g., after a loss or theft of the device, or after malware is installed on the device). Alternatively, if the keys are managed through cloud-based services, access to the data protected by the keys is restricted to operational settings that require connectivity to a cloud server in order to retrieve the keys. This may introduce severe performance or usability issues (e.g., the cost of establishing a secure connection with the server).
On the other hand, for better usability, access to data should be controlled in ways that require minimal user involvement and incur no usage distraction. If keys are associated with password-protected credentials, or if keys are replaced altogether by passwords, then security and usability are both negatively affected. Passwords tend to have low entropy and thus are susceptible to dictionary attacks. In addition, the user can be distracted by being asked to frequently enter a password or personal identification number (PIN). Additionally, password-based protection of mobile data limits the possibility for flexible access control structures, since the user cannot remember too many passwords that control access to different types of protected data.
A number of solutions based on secret sharing schemes have been proposed to address some of the above challenges for secure data protection in mobile devices. For example, several solutions employ a cryptographically strong key for protecting sensitive data, where this key is split into two or more shares dispersed among a set of devices (e.g., mobile devices, smart objects and online servers). Access to the data protected by such a split key requires reconstruction of the key from a sufficient number of its shares.
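The following is an added example, not code from the original text, showing the kind of threshold secret sharing the paragraph above refers to: a data-protection key is split into n shares so that any t of them reconstruct it and fewer than t reveal nothing about it (Shamir's scheme over a prime field). The field prime 2^521 - 1, the 5-of-which-3 parameters, and the constructed 32-byte key are assumptions chosen for illustration; the function names are hypothetical.

```python
import secrets
from typing import List, Tuple

# Field modulus: the Mersenne prime 2^521 - 1 (assumption for this example).
# It is larger than 2^256, so any 256-bit key fits in a single field element.
PRIME = (1 << 521) - 1

Share = Tuple[int, int]  # (x coordinate, f(x))


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a0 + a1*x + ... + a_{t-1}*x^(t-1) mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, n: int, t: int) -> List[Share]:
    """Split `key` into n shares; any t of them reconstruct it.

    The key is the constant term of a random degree-(t-1) polynomial; each
    share is the polynomial evaluated at a distinct non-zero point. Randomness
    comes from `secrets`, never from the `random` module.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_int(shares: List[Share]) -> int:
    """Lagrange-interpolate the shares' polynomial at x = 0 to recover f(0).

    Caveat: the scheme has no share authentication. Fewer than t shares, or a
    tampered share, yield an incorrect (and uniformly random-looking) value
    without any error, so integrity of the reconstructed key must be checked
    by a separate mechanism (e.g. authenticated encryption of the protected data).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (0 - xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        basis = num * pow(den, -1, PRIME) % PRIME  # Lagrange basis L_i(0)
        secret = (secret + yi * basis) % PRIME
    return secret


def reconstruct_key(shares: List[Share], key_len: int) -> bytes:
    """Recover the key bytes from at least t shares."""
    return reconstruct_int(shares).to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed sample key (not a real key): 32 bytes split 3-of-5, as if
    # dispersed over a phone, a laptop, a smart object and two online servers.
    key = bytes(range(32))
    shares = split_key(key, n=5, t=3)
    print("recovered from 3 shares:", reconstruct_key(shares[:3], 32) == key)
    print("2 shares give the key:  ", reconstruct_int(shares[:2]) == int.from_bytes(key, "big"))
```

A device holding its single share learns nothing about the key on its own; the key only exists in memory on the device that gathers t shares, and it should be discarded again once the data has been decrypted.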
Nonetheless, a need remains for improved security techniques for protecting the sensitive data that is stored on devices, such as mobile devices, or that is accessed through such devices.